Customized CB auto action CB Gallery - Privacy - Authorized

I'm having trouble to understanding the logic of the plugin.
The solution written in my previous post does not work.
I have the structure as in attachment 1 and the cb rule is configured on the access level corresponding to "Premium" for all groups "NNNN Premium (Group)"
Despite the double condition, the content (whatever the cb confidentiality rule) is seen by all those who are in one of the usergroups children of "subscribers" while the value of [cb_id_groupe_acl_premium] is different for each group.
I assume that in the auto action [user_id] is the "viewer user" and [loop_user_id] the "displayed user"
How to configure the auto action so that confidentiality is applied correctly?

phcprod wrote: I'm having trouble to understanding the logic of the plugin.
The solution written in my previous post does not work.
...

I don't see any setting based on access level, but only on user-groups in your previous posts.

For access-levels, you should be able to use:

[cb:if viewaccesslevel includes "1"]I am Public[/cb:if]
[cb:if viewaccesslevel !includes "1"]I am NOT Public[/cb:if]

and any other substitutions listed in our documentation:
www.joomlapolis.com/documentation/279-community-builder/tutorials/18353-using-substitutions-throughout-cb

Ok, looks like you're wanting to stop the authorization check done by CB Privacy if the viewing user has a usergroup that matches cb_id_groupe_acl_premium. To do this make a copy of "CB Gallery - Privacy - Authorized" in CB Auto Actions > System Actions and then unpublish the "CB Gallery - Privacy - Authorized" system action. Now publish your copy of the system action. This effectively replaces the system action with your own. Next add the following AND condition (use the "Add AND Rows" button).

Field: Custom > Code
Code: Operator: Not Equal To
Value: SKIP

We have to use PHP for this because we can't nest a complicated substitution inside of a substitution. It only allows nesting simple substitutions. So instead we'll use PHP to build a user object from the loop_user_id. We then get that users field value for cb_id_groupe_acl_premium. Next we see if the viewing user has cb_id_groupe_acl_premium in their list of usergroups. If they do it will respond with SKIP and cause the condition to block the auto action from working, which blocks the CB Privacy check from taking place.

Instead of replacing the system action however you could just override the authorized check in CB Privacy with custom behavior. To do this you'd use the below.

Global
Triggers: privacy_onAuthorized
Type: Code
User: Specific
User IDs: [var3_user_id]
Access: Everybody
Conditions
Condition 1
Field: Custom > Value
Custom Value: [var3_asset]
Operator: Is REGEXP
Value: /^gallery./
Condition 2
Field: Custom > Value
Custom Value: [cb:if user="[var2]" usergroup includes "[cb_id_groupe_acl_premium]"]ALLOWED[/cb:if]
Operator: Equal To
Value: ALLOWED
Action
Method: PHP
Code: Parameters
Reference Variables: Variable 1

What the above does is first checks if the privacy rule is being applied to CB Gallery. If it is it checks if the accessing user (their user id is sent in [var2]) has a usergroup matching [cb_id_groupe_acl_premium] for the owner of the privacy rule. If they do then it sets var1 to true, which tells it they're authorized to have access to whatever that privacy rule is protecting. This should be a cleaner approach to avoid having to maintain a copy of a system action.

I assume that in the auto action [user_id] is the "viewer user" and [loop_user_id] the "displayed user"

Correct. The [loop] variable is actually the objects being looped. In this case it's the gallery media objects. So [loop_user_id] is actually just the owner of the gallery media.